“Protecting your data is paramount to us at Team Zeus”
Recently the “WannaCry” ransomware affected a number of large organisations in one of the most widespread cyberattacks ever seen, leading many firms to become increasingly worried about the safety of information stored on local computers, and shared between different users. This exploit is suspected to have been transmitted by email and is supposed to be disseminated more easily with the use of file sharing applications that are commonly used in multi-site businesses.
The NHS was amongst the victims of this incident that hit approximately 99 countries, which demonstrates the damage that such malicious programs can cause if sensitive information ends up into the wrong hands.
Fortunately, Team Zeus users cannot receive messages from people outside of the business, as our application is designed for internal use only. Moreover, all data is encrypted at source via a 2048bit SSL RSA public key, combined with the use of a SHA256 signature algorithm and an ECDHE_RSA key exchange. Together this provides security that is better that that which most banks currently use.
(You can read more about our security credentials here.)
To further increase the security of your information, we would like to share with you the best practices to adopt, in order to ensure that your Team Zeus account stays safe and secure. Here are a few tips to apply that will reinforce your account safety:
Make your password “impenetrable”
Your Team Zeus password gives you access to your company’s private data, and as such it needs to be kept private and be as strong as possible. You should therefore create a unique password that is at least 8 characters long with the use of both uppercase and lowercase letters, as well as numbers and characters that would make it more difficult to guess.
Workstations must also be secured by a unique password and we advise that employees sign out of their computer when leaving their desk, so as to ensure another user can’t possibly access Team Zeus in their absence.
Your password must be changed regularly to prevent giving access to someone who might have inadvertently found it out. Sometimes employees might get frustrated with having to regularly modify it and may instead opt for a weaker password. A way around this would be to ask your staff to use a password manager such as LastPass, which generates unique, random passwords.
Secure your connection to Team Zeus on your mobile device
In order to securely access your Team Zeus account via one of our mobile applications, you will need first to authorise your mobile device. To do so, login to the Team Zeus platform via your computer, then go to your profile, and select ‘My devices’. Click the ‘Request Code’ button, and you will get a code that needs to be entered when you first login on the native app.
Conversely, if you are changing your phone, we recommend you delete your old handset from the list of authorised devices. This will automatically log you out Team Zeus on that device permanently.
Limit access to some of your groups
When sensitive information needs to be discussed with members of a team, users can create a group that is either ‘restricted’ or ‘private’ on Team Zeus, so access is limited to the group members.
For a discussion that needs to stay totally confidential, it is best to set it as ‘private’, so it is invisible to people who are not part of that group.
When an employee has left the company, they should be removed from Team Zeus, so they can no longer access your company’s internal chat. This will avoid the risk of having mischievous former employees sharing any sensitive or private information externally.
The IT team should work closely with the HR department, to ensure that users are removed from Team Zeus immediately after their departure.
On Team Zeus, users are able to export notifications that they receive by email to the Team Zeus application. But, this doesn’t mean that they can just share the content of any email on the platform, and potentially put the security of your company’s account at risk.
To do this, they have to first ask for the approval of an admin user, who will then add the email address or domain name to a whitelist, authorising this source to post content on Team Zeus.
We suggest admin users regularly carry out a number of security checks, by inspecting the Audit Trail that is accessible via the Admin Dashboard.
With the audit trail you can verify who made a specific modification (i.e. user activation, email changes, password changes, etc), and see when this occurred. This will allow you to identify any unusual activities and to act upon them fast.
When you share a sensitive file with your colleagues on Team Zeus, you should always encrypt it with a password. Microsoft Office enables you to easily protect a document with a password when you are about to save it onto your computer.
To make the security of your Team Zeus account impenetrable, your enterprise should follow strict security rules.
Though it should go without saying for modern PC users, it is important that a reliable anti-virus package is used to secure all your company’s computers. At Team Zeus we suggest the paid version of BidDefender, which achieved the highest test scores in comparison with other anti-viruses, and also protects against emerging threats like ransomware.
Furthermore, your IT team must limit the ability for employees to install new software on their computers, by assigning them with a “limited account” that means they can’t install any malicious programs onto their computer.
Finally, remind your staff to install updates and patches, as they will not only serve the purpose of adding new features or fixing bugs, but they will most importantly help to fix security holes that could be exploited by malware.
These measures should form part of your company’s internal security policy, and will increase the security of the data you share on Team Zeus, and protect it against cyber threats. Luckily, Zeus has you covered!